- def update
- unless @valid_params
- redirect_to :action => "edit"
- return
- end
-
- if @user_block.creator_id != @user.id
- flash[:error] = t('user_block.update.only_creator_can_edit')
- redirect_to :action => "edit"
- return
- end
-
- if @user_block.update_attributes({ :ends_at => Time.now.getutc() + @block_period.hours,
- :reason => params[:user_block][:reason],
- :needs_view => params[:user_block][:needs_view] }, :without_protection => true)
- flash[:notice] = t('user_block.update.success')
- redirect_to(@user_block)
+ def update
+ if @valid_params
+ if cannot?(:update, @user_block)
+ flash[:error] = t(@user_block.revoker ? ".only_creator_or_revoker_can_edit" : ".only_creator_can_edit")
+ redirect_to :action => "edit"
+ else
+ user_block_was_active = @user_block.active?
+ @user_block.reason = params[:user_block][:reason]
+ @user_block.needs_view = params[:user_block][:needs_view]
+ @user_block.ends_at = Time.now.utc + @block_period.hours
+ @user_block.deactivates_at = (@user_block.ends_at unless @user_block.needs_view)
+ @user_block.revoker = current_user if user_block_was_active && !@user_block.active?
+ if user_block_was_active && @user_block.active? && current_user != @user_block.creator
+ flash.now[:error] = t(".only_creator_can_edit_without_revoking")
+ render :action => "edit"
+ elsif !user_block_was_active && @user_block.active?
+ flash.now[:error] = t(".inactive_block_cannot_be_reactivated")
+ render :action => "edit"
+ else
+ unless user_block_was_active
+ @user_block.ends_at = @user_block.ends_at_was
+ @user_block.deactivates_at = @user_block.deactivates_at_was
+ @user_block.deactivates_at = [@user_block.ends_at, @user_block.updated_at].max unless @user_block.deactivates_at # take updated_at into account before deactivates_at is backfilled
+ end
+ if @user_block.save
+ flash[:notice] = t(".success")
+ redirect_to @user_block
+ else
+ render :action => "edit"
+ end
+ end
+ end